 | Nix PHP | 77 Members |
| A room for PHP developers running on Nix | 22 Servers |
| Nix PHP | 77 Members |
| A room for PHP developers running on Nix | 22 Servers |
| Sender | Message | Time |
|---|---|---|
| 7 Feb 2024 | ||
 @patka_123:matrix.org | That is a good explanation of why a lot of projects don't provide a composer.lock. The FOSS packages we maintain at $work also don't have a lock | 05:08:45 |
| @patka_123:matrix.org | In reply to @drupol:matrix.org I don't understand this. Putting a package under by-name is done for applications, so there you want a lock file. The application is the "end user" and thus decides all versions. If you have some kind of library that might be a dependency elsewhere then the package should be in something like php83. and you still want a lock file. We can't magically figure out at runtime which dependencies to build if there is no lockfile. | 06:05:55 |
| @patka_123:matrix.org | Or am I missing something? | 06:06:15 |
 etu | In reply to @drupol:matrix.orgYeah... I mean... it's one way :D | 06:12:03 |
| @patka_123:matrix.org | In reply to @drupol:matrix.org To me it makes sense. They are just "vendoring" their dependencies so they provide all dependencies for you already. Unless you override it the dictate the exact dependencies. This seems to me the most reproducible way, isn't it? | 06:18:45 |
| @patka_123:matrix.org | In reply to @drupol:matrix.org* | 06:34:29 |
 Pol | In reply to @patka_123:matrix.orgComposer.lock should be available if and only if the package you're shipping is meant to be an application. | 08:00:03 |
| Pol | In reply to @patka_123:matrix.orgThe vendor dir is incomplete. That's the funny part ! | 08:00:39 |
| Pol | Jan Tojnar: Do you think it's ready to merge? https://github.com/fossar/nix-phps/pull/321 | 08:21:21 |
| @patka_123:matrix.org | Who can make issue labels for nixpkgs? Every language seems to have a "6.topic: java" like tag. But there's none for php | 11:07:07 |
| Pol | In reply to @drupol:matrix.orgFeel free to add your +1 and comments! | 11:07:19 |
| @patka_123:matrix.org | And is there anything (that's not too difficult) I can help with? I can't find any open packaging requests for php | 11:08:47 |
| @patka_123:matrix.org | In reply to @drupol:matrix.orgI'm still not sure if I agree. It can be installed with Composer and it states that it supports multiple php versions. They would also have a valid reason to not include a lock file | 11:11:55 |
| Pol | If they produce a PHAR, that means that they have the composer.lock that works ! https://github.com/Smile-SA/gdpr-dump/releases/tag/4.0.3 | 11:12:50 |
| Pol | That means that they can ship it. | 11:12:58 |
| Pol | In reply to @patka_123:matrix.orgThere are no package request AFAIK... however, there's a bug that might need some investigations here: https://github.com/NixOS/nixpkgs/issues/281584 | 11:14:42 |
| Pol | And if you want to fulfill package requests: https://github.com/NixOS/nixpkgs/issues/280374 | 11:15:39 |
| Pol | Another easy one: https://github.com/NixOS/nixpkgs/issues/262142 | 11:17:44 |
| @patka_123:matrix.org | In reply to @drupol:matrix.org The phar just means that they also distribute an end user application. If I have a work project and decide to use their tool and use composer for that I'd want to choose my own versions (or at least their their lock is accommodating enough). So from their POV you can still make a valid case that a lock is not needed. And only useful if you create an end user application (which we do for nixpkgs so we can generate it ourselves) | 11:19:12 |
| Pol | Then they should provide the composer.lock file along with the PHAR file. Don't you think? | 11:19:49 |
| Pol | I any case, moving the responsibility of creating the composer.lock file to the users consuming the application is a bad idea in general. They should provide it in a way. | 11:20:49 |
| @patka_123:matrix.org | They can provide it next to the PHAR, but can still decide to not put one in the repo, so end users can create one themselves | 11:21:50 |
| Pol | Yes, that's the middle-ground compromise that I wrote in my message. | 11:23:04 |
| @patka_123:matrix.org | In reply to @drupol:matrix.orgAh sorry, somehow missed that. | 11:23:42 |
| Pol |  Download image.png | 11:24:32 |
| @patka_123:matrix.org | That'd be great! | 11:28:34 |
| Pol | OK we finally agree :D | 11:29:23 |
| Pol | In reply to @patka_123:matrix.orgJust FYI, the most used testing framework in the PHP ecosystem, PHPUnit... did it without any trouble... so I don't see why it wouldn't be possible somewhere else. | 11:37:41 |
| @patka_123:matrix.org | I'm not saying what should be done. Just that if they decide not to provide a lock, that their reason is also valid :) | 11:47:31 |
| @patka_123:matrix.org | Talking about phpunit. Would it be an idea to package paratest? We use that extensively and I see that it is not packaged yet | 11:48:08 |